Human-Readable Audit Record Format

This section shows each audit record format as it appears in the output produced
by the praudit command. This section also gives a short description
of each audit token. For a complete description of each field in each token, see Appendix A, Audit Record Descriptions.

The following token examples show the form that praudit produces
by default. Examples are also provided of raw (-r) and short
(-s) options. When praudit displays an
audit token, it begins with the token type, followed by the data from the token. Each data
field from the token is separated from other fields by a comma. However, if a field (such
as a path name) contains a comma, this cannot be distinguished from a field-separating
comma. Use a different field separator or the output will contain commas. The token type
is displayed by default as a name, like header, or in -r format as a decimal number.